Add gRPC Authentication And Scope Authorization #8

New Issue

Closed

opened 2026-04-26 15:22:29 -04:00 by dohertj2 · 3 comments

dohertj2 commented 2026-04-26 15:22:29 -04:00

Owner

Copy Link

Copy Source

Source: $file
Milestone: $currentMilestone

Labels: area:auth, area:gateway, type:feature, priority:p0

Deliverables:

• gRPC auth middleware/interceptor,
• request identity context,
• scope checks for sessions, invoke, secure invoke, events, metadata, and
  admin actions.

Acceptance criteria:

• missing/invalid key returns unauthenticated,
• valid key with missing scope returns permission denied,
• auth applies to unary and streaming calls.

Tests:

• unary auth,
• streaming auth,
• scope mapping.

Source: $file Milestone: $currentMilestone Labels: `area:auth`, `area:gateway`, `type:feature`, `priority:p0` Deliverables: - gRPC auth middleware/interceptor, - request identity context, - scope checks for sessions, invoke, secure invoke, events, metadata, and admin actions. Acceptance criteria: - missing/invalid key returns unauthenticated, - valid key with missing scope returns permission denied, - auth applies to unary and streaming calls. Tests: - unary auth, - streaming auth, - scope mapping.

dohertj2 added this to the gateway-auth milestone 2026-04-26 15:22:29 -04:00

dohertj2 added the area:gatewayarea:authtype:featurepriority:p0 labels 2026-04-26 15:22:29 -04:00

dohertj2 added a new dependency 2026-04-26 15:28:33 -04:00

#2 Define Protobuf Contracts

dohertj2 added a new dependency 2026-04-26 15:28:33 -04:00

#5 Implement SQLite Auth Store And Migrations

dohertj2 added a new dependency 2026-04-26 15:28:33 -04:00

#6 Implement API Key Hashing And Verification

dohertj2 added a new dependency 2026-04-26 15:28:34 -04:00

#13 Implement Public gRPC Service

dohertj2 added a new dependency 2026-04-26 15:28:35 -04:00

#17 Implement Dashboard Authentication

dohertj2 commented 2026-04-26 16:50:56 -04:00

Author

Owner

Copy Link

Copy Source

Worker 1 is taking this issue.

Branch: agent-1/issue-8-add-grpc-authentication-and-scope-authorization
Worktree: C:\Users\dohertj2\Desktop\mxaccessgw-agent-1

Worker 1 is taking this issue. Branch: agent-1/issue-8-add-grpc-authentication-and-scope-authorization Worktree: C:\Users\dohertj2\Desktop\mxaccessgw-agent-1

dohertj2 referenced this issue from a commit 2026-04-26 17:05:02 -04:00

Issue #8: add grpc authentication and scope authorization

dohertj2 referenced this issue 2026-04-26 17:05:26 -04:00

Issue #8: add grpc authentication and scope authorization #63

dohertj2 referenced this issue from a commit 2026-04-26 17:06:25 -04:00

Merge PR #63: Issue #8 add gRPC authentication and scope authorization

dohertj2 commented 2026-04-26 17:06:55 -04:00

Author

Owner

Copy Link

Copy Source

Implemented and merged via PR #63: #63

Commit: fad0ac9
Merge commit on main: c8fb3e91a3
Branch: agent-1/issue-8-add-grpc-authentication-and-scope-authorization

Verification:

• dotnet build src\MxGateway.sln passed with 0 warnings and 0 errors.
• dotnet test src\MxGateway.sln passed: 127 total tests.

Acceptance criteria verified: gRPC authorization services enforce scopes, unauthenticated/insufficient-scope paths fail, authenticated calls populate request identity, and redaction tests cover auth context.

Implemented and merged via PR #63: https://gitea.dohertylan.com/dohertj2/mxaccessgw/pulls/63 Commit: fad0ac9 Merge commit on main: c8fb3e91a3f627844ff6a145f24c72f09eeb9411 Branch: agent-1/issue-8-add-grpc-authentication-and-scope-authorization Verification: - dotnet build src\\MxGateway.sln passed with 0 warnings and 0 errors. - dotnet test src\\MxGateway.sln passed: 127 total tests. Acceptance criteria verified: gRPC authorization services enforce scopes, unauthenticated/insufficient-scope paths fail, authenticated calls populate request identity, and redaction tests cover auth context.

dohertj2 closed this issue 2026-04-26 17:06:55 -04:00

dohertj2 commented 2026-04-26 17:07:18 -04:00

Author

Owner

Copy Link

Copy Source

Milestone gateway-auth complete.

Closed issues: #5, #6, #7, #8.
PRs merged: #56, #59, #62, #63.
Branches: agent-2/issue-5-implement-sqlite-auth-store-and-migrations, agent-2/issue-6-implement-api-key-hashing-and-verification, agent-2/issue-7-implement-local-api-key-admin-cli, agent-1/issue-8-add-grpc-authentication-and-scope-authorization.

Final verification commands run during issue verification:

• dotnet build src\MxGateway.sln
• dotnet test src\MxGateway.sln

Final merged main commit for this milestone: c8fb3e91a3.

Milestone gateway-auth complete. Closed issues: #5, #6, #7, #8. PRs merged: #56, #59, #62, #63. Branches: agent-2/issue-5-implement-sqlite-auth-store-and-migrations, agent-2/issue-6-implement-api-key-hashing-and-verification, agent-2/issue-7-implement-local-api-key-admin-cli, agent-1/issue-8-add-grpc-authentication-and-scope-authorization. Final verification commands run during issue verification: - dotnet build src\\MxGateway.sln - dotnet test src\\MxGateway.sln Final merged main commit for this milestone: c8fb3e91a3f627844ff6a145f24c72f09eeb9411.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

docs/prose-audit

docs/xml-doc-comments

feat/adopt-zb-health

feat/adopt-zb-telemetry-serilog

feat/tls-cert-autogen

feat/lazy-browse-children

test/client-e2e-coverage

docs/alarm-client-wm-app-finding

codex/fix-runtime-review-findings

agent-2/issue-50-client-packaging-documentation

agent-1/issue-49-cross-language-smoke-test-matrix

agent-1/issue-48-implement-java-client-session-values-errors-and-cli

agent-2/issue-35-parity-fixture-matrix

agent-3/issue-46-implement-python-async-client-values-errors-and-cli

agent-1/issue-47-scaffold-java-gradle-build

agent-2/issue-44-implement-rust-client-session-values-errors-and-cli

agent-3/issue-45-scaffold-python-package

agent-1/issue-40-implement-dotnet-values-status-errors-and-cli

agent-3/issue-42-implement-go-client-session-values-errors-and-cli

agent-2/issue-34-worker-live-mxaccess-smoke-test

agent-3/issue-43-scaffold-rust-workspace

agent-1/issue-39-implement-dotnet-gatewayclient-and-session

agent-2/issue-33-implement-graceful-shutdown

agent-3/issue-41-scaffold-go-module

agent-1/issue-38-scaffold-dotnet-client-projects

agent-3/issue-32-implement-heartbeat-and-watchdog

agent-1/issue-37-create-cross-language-client-behavior-fixtures

agent-2/issue-29-implement-event-sink-and-event-queue

agent-1/issue-36-publish-stable-client-proto-generation-inputs

agent-2/issue-28-implement-advise-unadvise-advisesupervisory

agent-1/issue-16-implement-blazor-server-dashboard

agent-3/issue-19-gateway-e2e-smoke-with-fake-worker

agent-2/issue-27-implement-additem-additem2-removeitem

agent-3/issue-18-build-fake-worker-test-harness

agent-1/issue-17-implement-dashboard-authentication

agent-2/issue-26-implement-register-and-unregister

agent-3/issue-14-implement-event-streaming-and-backpressure

agent-1/issue-15-implement-dashboard-snapshot-service

agent-2/issue-25-implement-sta-command-dispatcher

agent-3/issue-13-implement-public-grpc-service

agent-2/issue-31-implement-mxstatus-proxy-and-hresult-conversion

agent-1/issue-24-create-mxaccess-com-object-on-sta

agent-3/issue-12-implement-session-manager-and-registry

agent-2/issue-30-implement-value-conversion

agent-1/issue-23-implement-sta-runtime-and-message-pump

agent-2/issue-22-implement-pipe-client-and-frame-protocol

agent-3/issue-11-implement-gateway-workerclient

agent-1/issue-8-add-grpc-authentication-and-scope-authorization

agent-2/issue-7-implement-local-api-key-admin-cli

agent-3/issue-21-implement-worker-bootstrap-and-options

agent-1/issue-10-implement-worker-process-launcher

agent-2/issue-6-implement-api-key-hashing-and-verification

agent-3/issue-20-scaffold-worker-project

agent-2/issue-5-implement-sqlite-auth-store-and-migrations

agent-1/issue-9-implement-worker-frame-protocol

agent-3/issue-4-add-structured-logging-and-metrics-foundation

agent-2/issue-3-add-gateway-configuration-and-validation

agent-1/issue-2-define-protobuf-contracts

agent-1/issue-1-scaffold-gateway-solution-and-projects

No results found.

Labels

Clear labels

area:auth

Authentication and authorization

area:client-dotnet

.NET client library

area:client-go

Go client library

area:client-java

Java client library

area:client-python

Python client library

area:client-rust

Rust client library

area:contracts

Protocol and generated contract work

area:dashboard

Blazor dashboard work

area:docs

Documentation

area:gateway

Gateway server work

area:tests

Automated and live tests

area:worker

MXAccess worker process work

blocked

Blocked by dependency

priority:p0

Must-have / blocking

priority:p1

High priority

priority:p2

Normal priority

type:docs

Documentation work

type:feature

Feature implementation

type:infra

Infrastructure and scaffolding

type:test

Test work

No Label area:auth area:gateway priority:p0 type:feature

Milestone

No items

No Milestone gateway-auth

Projects

Clear projects

No project

Assignees

Clear assignees

dohertj2 (dohertj2)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Blocks

#13 Implement Public gRPC Service

dohertj2/mxaccessgw

#17 Implement Dashboard Authentication

dohertj2/mxaccessgw

Depends on

#2 Define Protobuf Contracts

dohertj2/mxaccessgw

#5 Implement SQLite Auth Store And Migrations

dohertj2/mxaccessgw

#6 Implement API Key Hashing And Verification

dohertj2/mxaccessgw

Reference: dohertj2/mxaccessgw#8